EDN Admin
Well-known member
Hi
I have a frustrating issue which would be dead simple to someone who understands this..
I am trying to create an XSL / XSLT file to printout the Windows Event Log from its XML form into CSV format. The default CSV format from the Event Log EXCLUDES the Eventdata which is next to useless.<br/>
The default Excel handling of the XML repeats the same record for every EventData entry !!<br/>
I want to printout the <System> info and the <EventData>
The web has no end of examples for books etc where you have <br/>
<library><br/>
<books><br/>
tags in here <br/>
</books>
In the event view case there is one extra level, e.g. <br/>
<br/>
<Events><br/>
<Event><br/>
<System><br/>
tags in here
<br/>
</System><br/>
<EventData><br/>
tags in here<br/>
</EventData><br/>
</Event>
No matter what i try, i cant reference the internal data. I want to be able to do an "all fields" report, some "*" syntax and also a more tailored "specific name"
<br/>
Note: The <EventData> has the ONE repeated field <DATA> (this being why Excel doesnt know what to do with it)
In the example below the output created is Start of macro"<br/>
I have tried about 20 different variants of match= and select=
>> Please, what is the magic trick ?
XSL[T]
<pre class="prettyprint <?xml version="1.0" encoding="utf-8"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:msxsl="urn:schemas-microsoft-com:xslt" exclude-result-prefixes="msxsl"
>
<xsl
utput method="text"/>
<xsl:template match="/
<xsl:text>Start of macro</xsl:text>
<xsl:for-each select ="Events/Event
<xsl:text>test </xsl:text>
<xsl:for-each select ="System
<xsl:value-of select ="."/>
<xsl:text>D</xsl:text>
</xsl:for-each>
<xsl:text>
</xsl:text>
</xsl:for-each>
### Example is missing <EventData> Handling
</xsl:template>
</xsl:stylesheet>[/code]
<br/>
INPUT
<pre class="prettyprint <?xml version="1.0" encoding="utf-8" standalone="yes" ?>
- <Events>
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event
- <System>
<Provider Name="Security" />
<EventID Qualifiers="0 675</EventID>
<Level>0</Level>
<Task>9</Task>
<Keywords>0x90000000000000</Keywords>
<TimeCreated SystemTime="2012-02-15T01:04:14.000000000Z" />
<EventRecordID>90813578</EventRecordID>
<Channel>C:TempAdlogs.evt</Channel>
<Computer>NR-DC-ABC01</Computer>
<Security UserID="S-1-5-18" />
</System>
- <EventData>
<Data>ABCLAV52$</Data>
<Data>%{S-1-5-21-2108032-2062508577-10721152-28962}</Data>
<Data>krbtgt/ABC.COM</Data>
<Data>0x0</Data>
<Data>0x19</Data>
<Data>10.176.17.159</Data>
</EventData>
</Event>[/code]
<br/>
Thanks !!
View the full article
I have a frustrating issue which would be dead simple to someone who understands this..
I am trying to create an XSL / XSLT file to printout the Windows Event Log from its XML form into CSV format. The default CSV format from the Event Log EXCLUDES the Eventdata which is next to useless.<br/>
The default Excel handling of the XML repeats the same record for every EventData entry !!<br/>
I want to printout the <System> info and the <EventData>
The web has no end of examples for books etc where you have <br/>
<library><br/>
<books><br/>
tags in here <br/>
</books>
In the event view case there is one extra level, e.g. <br/>
<br/>
<Events><br/>
<Event><br/>
<System><br/>
tags in here
<br/>
</System><br/>
<EventData><br/>
tags in here<br/>
</EventData><br/>
</Event>
No matter what i try, i cant reference the internal data. I want to be able to do an "all fields" report, some "*" syntax and also a more tailored "specific name"
<br/>
Note: The <EventData> has the ONE repeated field <DATA> (this being why Excel doesnt know what to do with it)
In the example below the output created is Start of macro"<br/>
I have tried about 20 different variants of match= and select=
>> Please, what is the magic trick ?
XSL[T]
<pre class="prettyprint <?xml version="1.0" encoding="utf-8"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:msxsl="urn:schemas-microsoft-com:xslt" exclude-result-prefixes="msxsl"
>
<xsl
utput method="text"/><xsl:template match="/
<xsl:text>Start of macro</xsl:text>
<xsl:for-each select ="Events/Event
<xsl:text>test </xsl:text>
<xsl:for-each select ="System
<xsl:value-of select ="."/>
<xsl:text>D</xsl:text>
</xsl:for-each>
<xsl:text>
</xsl:text>
</xsl:for-each>
### Example is missing <EventData> Handling
</xsl:template>
</xsl:stylesheet>[/code]
<br/>
INPUT
<pre class="prettyprint <?xml version="1.0" encoding="utf-8" standalone="yes" ?>
- <Events>
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event
- <System>
<Provider Name="Security" />
<EventID Qualifiers="0 675</EventID>
<Level>0</Level>
<Task>9</Task>
<Keywords>0x90000000000000</Keywords>
<TimeCreated SystemTime="2012-02-15T01:04:14.000000000Z" />
<EventRecordID>90813578</EventRecordID>
<Channel>C:TempAdlogs.evt</Channel>
<Computer>NR-DC-ABC01</Computer>
<Security UserID="S-1-5-18" />
</System>
- <EventData>
<Data>ABCLAV52$</Data>
<Data>%{S-1-5-21-2108032-2062508577-10721152-28962}</Data>
<Data>krbtgt/ABC.COM</Data>
<Data>0x0</Data>
<Data>0x19</Data>
<Data>10.176.17.159</Data>
</EventData>
</Event>[/code]
<br/>
Thanks !!
View the full article